- Bug
- Resolution: Not A Defect
- Major
- None
I am running:
- Jenkins 1.545
- CAS plugin 1.1.1 for authentication
- Role Strategy Plugin 2.1.0 for authorization
- Priority Sorter plugin 2.5

(these are the latest available at the time of writing)
The only security granted to anonymous users is "overall - read" and "job - read". However, if an anonymous user views Jenkins, the link to the management function "Job Priorities" remains visible in the top left-hand corner of the Jenkins main page, and can be clicked. You can then create / edit / delete job priority groups.
The function should only be available to administrators. I suspect that the Priority Sorter plugin simply does not check for authorisation.
- is related to
  - JENKINS-21352 Add Specific Permissions for managing priorities (Open)